Security issues
PASSWORD
Change the login settings in the config.php file the first time you log in. From the editor, choose [SETTINGS], then choose edit configuration, find the correct box, type in your changed password and user name, and choose [SAVE]. Note: the password comes before the user name. When available, you should use wwwaut to get the best protection available - read more about wwwaut.
LOGIN LINK
For security reasons, you could remove the 'login' link in the HTML template. When you want to edit, you then type '&login' at the end of the URL, e.g. http://yoursite?yourpage&login. This makes it less apparent that you are working with an online editing system.
As it is now, the login information is stored in a cookie in clear text, and it could, in theory, be misused by someone monitoring your internet traffic. Security is to be improved in future releases, e.g. with password encryption.
.htaccess
For Apache users: Please check that /cmsimple/config.php is protected by the .htaccess file!
On Win32 you will have to configure Apache to use .htaccess. It is NOT possible to use .htaccess on MS IIS.
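One way to run that check offline, as an added example that is not part of CMSimple: a small Python script that reads the text of an .htaccess file and reports whether a deny rule covers config.php. The sample .htaccess contents are constructed for illustration, since this page does not show the file CMSimple ships.

```python
import fnmatch
import re

# Deny directives: Apache 2.4 syntax and the older 2.2 syntax.
DENY = re.compile(r"^(require\s+all\s+denied|deny\s+from\s+all)$", re.I)
OPEN = re.compile(r'^<(Files|FilesMatch)\s+(~\s+)?"?([^">]+?)"?\s*>$', re.I)
CLOSE = re.compile(r"^</(Files|FilesMatch)\s*>$", re.I)

def section_matches(kind, is_regex, pattern, filename):
    """<FilesMatch> and <Files ~ ...> take a regex; plain <Files> takes wildcards."""
    if kind.lower() == "filesmatch" or is_regex:
        return re.search(pattern, filename) is not None
    return fnmatch.fnmatchcase(filename, pattern)

def protects(htaccess_text, filename="config.php"):
    """True if a deny rule in this .htaccess text applies to `filename`.

    Simplification: a later allow rule that re-opens access is not modelled.
    """
    applies = True  # outside any <Files> section a rule covers the whole folder
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment (a commented-out rule protects nothing)
        opened = OPEN.match(line)
        if opened:
            applies = section_matches(opened.group(1), bool(opened.group(2)),
                                      opened.group(3), filename)
        elif CLOSE.match(line):
            applies = True
        elif applies and DENY.match(line):
            return True
    return False

# Constructed samples, not CMSimple's shipped .htaccess.
PROTECTED = '<Files config.php>\n    Require all denied\n</Files>\n'
LEGACY = '<Files "config.php">\n    Order allow,deny\n    Deny from all\n</Files>\n'
UNPROTECTED = ('<Files "*.bak">\n    Deny from all\n</Files>\n'
               '#<Files config.php>\n#    Require all denied\n#</Files>\n')

if __name__ == "__main__":
    for name, text in [("protected", PROTECTED), ("legacy", LEGACY),
                       ("unprotected", UNPROTECTED)]:
        print(name, "->", "config.php denied" if protects(text) else "NOT protected")
```

A passing result only shows that the rule is present in the file; Apache still has to be configured to read .htaccess, as noted above for Win32.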
SUGGESTIONS
Suggestions on how to improve security on different systems will be appreciated.